# Set default drop policy on all tables
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# Allow replies out for anything which comes in
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow the machine to do its own DNS lookups
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT

# Allow replies in for anything which goes out (e.g. DNS)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow the world to access by HTTP
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

# Allow the world to access by FTP (you *did* want that, yes?)
iptables -A INPUT -p tcp --dport 21 -j ACCEPT

# Allow the world to access by SSH (would be nicer to restrict by IP address, but we can't, so....)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
Okay, I did this, and received the following when I tried to FTP into the site:
i Control connection successfully established.
< 220 ProFTPD FTP Server ready.
i Time zone of server could not be determined.
> USER admin
< 331 Password required for admin.
> PASS <password>
< 230 User admin logged in.
> SYST
< 215 UNIX Type: L8
> PWD
< 257 "/home/admin" is current directory.
> PASV
< 227 Entering Passive Mode (207,36,232,90,132,36).
i Data connection A8 could not be established (10060).
followed by a notice that the connection timed out. Changing the FTP parameters didn't have much effect. Also, the browser connects to the site, but times out before displaying any data. And everything is *s-l-o-w*.
Any ideas?
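Added example, not the poster's script: the transcript above shows the control channel on port 21 working and the failure starting at PASV. The 227 reply advertises port 132*256+36 = 33828, and the client then opens a brand-new inbound TCP connection to that port. The poster's ruleset only accepts port 21 as NEW, and the data connection is only counted as RELATED if the kernel's FTP connection-tracking helper has been loaded, so with the default DROP policy that SYN is silently discarded and the client waits until it times out. The script below keeps the same default-DROP design but loads the helper, accepts loopback traffic (local services such as a resolver or database on 127.0.0.1 otherwise hang under a DROP policy, which is one common cause of "everything is slow"), lets ICMP errors in for path MTU discovery, and opens an explicit passive port range as a fallback. It assumes a Linux host with the nf_conntrack_ftp module (ip_conntrack_ftp on older kernels), ProFTPD configured with a matching PassivePorts range (the 49152:65534 range is an assumption), and root to apply; by default it only prints the commands.

```shell
#!/bin/sh
# Stateful default-DROP ruleset for a host serving HTTP, SSH and passive FTP.
# DRY_RUN=1 (the default) prints the commands; DRY_RUN=0 applies them as root.
# PASV_PORTS is an assumed range and must match the FTP daemon's PassivePorts.

DRY_RUN="${DRY_RUN:-1}"
PASV_PORTS="${PASV_PORTS:-49152:65534}"

# ipt: print or execute a single iptables command, depending on DRY_RUN
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# load_ftp_helper: the helper watches the control channel for PORT/PASV and
# marks the resulting data connection RELATED, so the generic state rule
# accepts it without opening ports by hand.
load_ftp_helper() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "modprobe nf_conntrack_ftp"
    else
        modprobe nf_conntrack_ftp 2>/dev/null || modprobe ip_conntrack_ftp
    fi
}

# build_rules: emit the ruleset in order (flush first so re-running is safe)
build_rules() {
    ipt -F
    ipt -P INPUT DROP
    ipt -P OUTPUT DROP
    ipt -P FORWARD DROP

    # Loopback: local services talk to each other over lo; without these two
    # rules those calls are dropped and each one waits for a timeout
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A OUTPUT -o lo -j ACCEPT

    # Stateful core: established flows plus RELATED ones (FTP data, ICMP errors)
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # ICMP errors are what path MTU discovery relies on; dropping them makes
    # large transfers stall rather than fail cleanly
    ipt -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
    ipt -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT

    # Outbound DNS from the host itself
    ipt -A OUTPUT -p udp --dport 53 -j ACCEPT
    ipt -A OUTPUT -p tcp --dport 53 -j ACCEPT

    # Public services: only the first packet of a connection needs these,
    # the rest is handled by the ESTABLISHED rule above
    ipt -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
    ipt -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
    # FTP control channel ...
    ipt -A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT
    # ... and the passive data range as an explicit fallback for cases the
    # helper cannot see (e.g. a TLS-protected control channel)
    ipt -A INPUT -p tcp --dport "$PASV_PORTS" -m state --state NEW -j ACCEPT
}

# rule_count: number of -A rules the ruleset contains, handy for a sanity check
rule_count() {
    build_rules | grep -c -- ' -A '
}

load_ftp_helper
build_rules
```

Run it once with `DRY_RUN=1` to read the generated commands, then `DRY_RUN=0` as root to apply. The ordering matters: loopback and state rules sit before the per-port rules so that the bulk of the traffic is accepted on the first match. A remaining caveat under a DROP policy on OUTPUT is that any service which opens its own outbound connections and has no rule for them (ProFTPD's ident lookups are one example, if IdentLookups is enabled) waits for a timeout instead of failing fast, which shows up as exactly the kind of slowness described above; either allow the traffic or turn the lookup off in the daemon.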